13 matches found
EUVD-2026-19952
Local settings bypass config trust checks...
PT-2026-1236
Name of the Vulnerable Software and Affected Versions: Apache Kyuubi versions 1.6.0 through 1.10.2. Description: A client with access to the Apache Kyuubi Server through Kyuubi frontend protocols can bypass the server-side configuration kyuubi.session.local.dir.allow.list and access local files not...
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to...
CVE-2025-40581
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote...
CVE-2024-39790
Cisco Talos reports CVE-2024-39790 as affecting WAVLINK AC3000, specifically in nas.cgi set_ftp_cfg() where POST parameters (notably ftp_max_sessions, among others) are written to nvram and can trigger storage.sh ftp to modify ProFTPD config. The root cause is external configuration control via n...
The vulnerability of the Citrix Workspace App for HTML5, related to incorrect default permissions, allows a perpetrator to bypass the configuration parameters of the GACS (Global App Configuration service).
The vulnerability of the Citrix Workspace App for HTML5 is related to incorrect default permissions. Exploiting this vulnerability could allow a malicious actor to bypass the configuration parameters of the GACS Global App Configuration service...
Cassia Networks Gateway Security Vulnerability
Cassia Networks Gateway is an IoT gateway from Cassia Networks. A security vulnerability exists in Cassia Networks Gateway versions XC10002.1.1.2303082218, XC20002.1.1.2303090947, which stems from an unsanitized queueUrl parameter in /bypass/config...
Cisco AsyncOS Input Validation Error Vulnerability
Cisco AsyncOS is a product of Cisco, Inc. Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...
Design/Logic Flaw
xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass...
CVE-2016-7572
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...
Debian DLA-239-1: cups security update
Two critical vulnerabilities have been found in the CUPS printing system: CVE-2015-1158 - Improper Update of Reference Count: Cupsd uses reference-counted strings with global scope. When parsing a print job request, cupsd over-decrements the reference count for a string from the request. As a...
mxCamArchive 2.2 - Bypass Configuration Download
mxCamArchive 2.2 - Bypass Configuration Download Bypass Config Download Vulnerability script: mxcamarchive 2.2 download from: http://www.infireal.com/media/serve/106/mxcamarchive2.2.zip expl:...
mxCamArchive 2.2 - Bypass Configuration Download
Bypass Config Download Vulnerability script: mxcamarchive 2.2 download from: http://www.infireal.com/media/serve/106/mxcamarchive2.2.zip expl: http://site.com/path/archive/config.ini and login http://site.com/path/admin an...